Ola Lundqvist pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
caf78ea3 by Ola Lundqvist at 2024-03-06T21:37:13+01:00
Marked three CVEs for suricata as minor issues for buster following bullseye.
- - - - -
233c5ee0 by Ola Lundqvist at 2024-03-06T21:37:14+01:00
Marked CVE-2024-23837 as minor issue for buster.
Suricata is the only tool in reverse depends for buster and suricata has
many similar vulnerabilities as this.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -3302,6 +3302,7 @@ CVE-2024-23839 (Suricata is a network Intrusion Detection
System, Intrusion Prev
NOTE: https://redmine.openinfosecfoundation.org/issues/6657
CVE-2024-23837 (LibHTP is a security-aware parser for the HTTP protocol.
Crafted traff ...)
- libhtp 1:0.5.46-1
+ [buster] - libhtp <no-dsa> (Minor issue)
NOTE:
https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m
NOTE:
https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a
(0.5.46)
NOTE: https://redmine.openinfosecfoundation.org/issues/6444
@@ -3309,6 +3310,7 @@ CVE-2024-23836 (Suricata is a network Intrusion Detection
System, Intrusion Prev
- suricata 1:7.0.3-1
[bookworm] - suricata <no-dsa> (Minor issue)
[bullseye] - suricata <no-dsa> (Minor issue)
+ [buster] - suricata <no-dsa> (Minor issue)
NOTE:
https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc
NOTE:
https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7
(suricata-6.0.16)
NOTE:
https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc
(suricata-6.0.16)
@@ -45073,11 +45075,13 @@ CVE-2023-35853 (In Suricata before 6.0.13, an
adversary who controls an external
- suricata 1:6.0.13-1
[bookworm] - suricata <no-dsa> (Minor issue)
[bullseye] - suricata <no-dsa> (Minor issue)
+ [buster] - suricata <no-dsa> (Minor issue)
NOTE:
https://github.com/OISF/suricata/commit/b95bbcc66db526ffcc880eb439dbe8abc87a81da
CVE-2023-35852 (In Suricata before 6.0.13 (when there is an adversary who
controls an ...)
- suricata 1:6.0.13-1
[bookworm] - suricata <no-dsa> (Minor issue)
[bullseye] - suricata <no-dsa> (Minor issue)
+ [buster] - suricata <no-dsa> (Minor issue)
NOTE:
https://github.com/OISF/suricata/commit/aee1523b4591430ebed1ded0bb95508e6717a335
NOTE:
https://github.com/OISF/suricata/commit/735f5aa9ca3b28cfacc7a443f93a44387fbacf17
CVE-2023-35849 (VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not
properly c ...)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ffebe25b9dbe3c1bf27f28f7f35625ef3d8b555d...233c5ee019074dbce8d30b0dae81e0f61310e461
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/ffebe25b9dbe3c1bf27f28f7f35625ef3d8b555d...233c5ee019074dbce8d30b0dae81e0f61310e461
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
